unpushed

openssh-7.2p2-5.fc23 and selinux-policy-3.13.1-158.22.fc23

FEDORA-2016-9402100276 created by lvrabec 8 years ago for Fedora 23

Updates for openssh and selinux-policy fixes issue when SELinux user "guest_t" can run sudo command.

This update has been submitted for testing by lvrabec.

8 years ago

This update has obsoleted openssh-7.2p2-4.fc23, and has inherited its bugs and notes.

8 years ago

lvrabec edited this update.

8 years ago

lvrabec edited this update.

8 years ago

lvrabec edited this update.

8 years ago

lvrabec edited this update.

8 years ago

This update has been pushed to testing.

8 years ago
User Icon jjelen commented & provided feedback 8 years ago

Nope. This fixes the problem of guest_t running sudo, but breaks the chroot:

https://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c

this should go to the sshd_t instead.

BZ#1356245 guest_t can run sudo
BZ#1357860 guest_t can run sudo
User Icon filiperosset commented & provided feedback 8 years ago
karma

no regressions noted

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for testing

User Icon williamjmorenor commented & provided feedback 8 years ago
karma

wfm

This update has been unpushed.


Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-2
Stable by Karma
6
Stable by Time
disabled
Thresholds
Minimum Karma
+2
Minimum Testing
14 days
Dates
submitted
8 years ago
in testing
8 years ago
modified
8 years ago
BZ#1356245 guest_t can run sudo
-1
0
BZ#1357442 CVE-2016-6210 openssh: User enumeration via covert timing channel
0
0
BZ#1357443 CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]
0
0
BZ#1357860 guest_t can run sudo
-1
0

Automated Test Results

Test Cases

0 0 Test Case OpenSSH